The ravings of a SANS/GIAC GSE (Compliance & Malware)
For more information on my role as a presenter and commentator on IT Security, Digital Forensics Statistics and Data Mining;
E-mail me: "craigswright @ acm.org".

Dr. Craig S Wright GSE

Followers

My Profile

Share it

What is happening

BooksI have a few books and another is on the way for 2012. Firstly, I have to plug the first in the Syngress Series of books on IT Audit. This is a comprehensive compliance hand governance handbook with EVERYTHING (from the high level to the hands on for the expert) to get you started in IT compliance and systems security. The main book is "IT REGULATORY AND STANDARDS COMPLIANCE HANDBOOK". This is the first in a series I have planned and more will follow in time. There will be electronic updates to this book over time to maintain it to a current level over time.

I will be working on co-authoring a book on CIP (Critical Infrastructure Protection) - but more on this later.

On top of this I recycle computers. To do this I take 1.5 to 2 year old corporate lease computers and refurbish them so that they can run the most current programs.

The question is - what do you do to help?

If you do not have the time, have you though about a donation?

This blog has been monetarised. This is where the money goes. By clicking and purchasing on this site, you help Burnside and Hackers for Charity. All monies earned here are split 50/50 between these two charities.

Who I am...or what...

Visitor locations

Sunday, 8 July 2012

SCAPY is a very powerful packet crafting, manipulation and analysis tool. Scapy is a set of Python modules that allows the user to create scapy enabled python script or run scapy in “interactive” mode. Once you are in interactive mode scapy provides you with several functions that get more details about SCAPY’s capabilities. The ls() command can be used to get more information about scapy’s supported protocols. If you run the ls() command without anything in the parenthesis scapy will give a list of all of SCAPY’s protocols. Putting one of these protocols inside the parenthesis will list the fields associate with that protocol. Scapy also supports the LSC() command which will give a list of scapy functions. You can get more information about the functions that are available by passing the name of the function you want more information on to the help() function. For example, help(fuzz) will give you more information on the fuzz() function.

Perhaps SCAPY’s most common use is to craft packets. Packets can be created by calling the methods associated with the specific protocol and passing the fields in that protocol as parameters to the protocol function. For example:

>>>newpacket=TCP(src=”192.168.1.1”, dst = “192.168.1.2”, dport=80)”

Note: the “” need to be the correct ones … Urgh

This will create a packet containing a TCP packet from the source IP address of 192.168.1.1 and a destination of IP address 192.168.1.2 and port 80. Since they have not been explicitly defined, the IP and Ether (Ethernet) layers will be populated by the defaults associated with these protocols. You can explicitly define each layer in the protocol stack and add protocols together with the “/” character. The new layers can be the results of other scapy objects or other methods. For example, we can combine our existing “newpacket” variable with another layer like this:

This will create a “Newudppacket” object containing a UDP packet to a destination IP address of 192.168.1.2 and a destination port of 1000 with a payload of “THIS IS MY UDP PAYLOAD”. Here is another example:

This will create a “NewTCPPacket” object containing a TCP packet to the destination host of “www.target.tgt” port 80 with a payload of “GET /HTTP/1.0\r\n\r\n”. This packet could be transmitted to a webserver to request the defalult page or www.target.tgt after the TCP handshake has been completed.